August 29, 2008
 
 
  Practice Alert 97-2 (Updated April 15, 1999)
 

Published for AICPA members. Opinions expressed in this CPA Letter supplement do not necessarily reflect policy of the AICPA.

Jennifer R. Roddy, supplement editor, 201/938-3020; fax 201/938-3404; jroddy@aicpa.org

Ellen J. Goldstein, CPA Letter editor
212/596-6112; egoldstein@aicpa.org

Notice To Readers

This Practice Alert is intended to provide auditors with information that may help them improve the efficiency and effectiveness of their audits. This document has been prepared by the SEC Practice Section Professional Issues Task Force (PITF) and is based on the experiences of the individual members of the task force and matters arising from litigation and peer reviews. It has not been approved, disapproved, or otherwise acted upon by any committee of the AICPA.

Audits Of Employee Benefit Plans

Introduction

The AICPA Peer Review Program, the AICPA Professional Ethics Division, as well as the U.S. Department of Labor (DOL), continue to note a high rate of deficiencies on audits of employee benefit plans. These deficiencies primarily resulted from the auditor's failure to comply with professional auditing standards and DOL reporting requirements. Practitioners whose work is considered deficient by the DOL's Pension and Welfare Benefit Administration (PWBA) are referred to state licensing boards and/or to the AICPA Professional Ethics Division, and could face severe consequences, including loss of license and loss of membership in the AICPA, if found to have performed deficient employee benefit plan audits. Plan administrators could face monetary civil penalties under ERISA section 502(c)(2) if found to have filed deficient audit reports.

Employee benefit plans must meet a number of specialized financial, operational and regulatory requirements, and auditors have certain responsibilities for testing compliance with certain of those requirements. This Practice Alert is intended to assist auditors of employee benefit plans by providing an overview of the governmental oversight of employee benefit plans, the relevant financial accounting and reporting standards and the common deficiencies noted on such audits. This Practice Alert also includes best practices adopted by firms performing audits of employee benefit plans and an overview of current legislative developments which, if enacted, would significantly change the way employee benefit plan audits are conducted.

Governmental Oversight of Employee Benefit Plans

The Employee Retirement Income Security Act of 1974 (ERISA) was enacted to protect the interests of workers who participate in employee benefit plans and their beneficiaries. To achieve this objective, ERISA requires financial reporting to government agencies and disclosure to participants and beneficiaries, establishes standards of conduct for plan fiduciaries, and provides for appropriate remedies, sanctions, and access to the federal courts. ERISA also provides for substantial federal government oversight in the operating and reporting practices of employee benefit plans. The ERISA reporting requirements and the plans subject to those requirements are described in the AICPA Audit and Accounting Guide, Audits of Employee Benefit Plans, with conforming changes as of May 1, 1999 (the AICPA Guide). This Practice Alert addresses employee benefit plans that are subject to ERISA.

Financial Accounting and Reporting Standards

FASB Statement No. 35, Accounting and Reporting by Defined Benefit Pension Plans, established standards of financial accounting and reporting for financial statements of defined benefit pension plans, but did not establish standards for defined contribution plans or health and welfare benefit plans. The AICPA Guide provides comprehensive guidance, including the guidance prescribed by FASB Statement No. 35, on accounting, auditing, and reporting matters for defined benefit, defined contribution and health and welfare benefit plans.

Employee benefit plans that are subject to ERISA are required to report certain information annually to federal government agencies, namely the DOL, Internal Revenue Service (IRS), and Pension Benefit Guaranty Corporation, and to provide summarized information to plan participants. For many plans, the information is reported to the IRS on Form 5500, Annual Return/Report of Employee Benefit Plan, which includes financial statements and certain supplemental schedules (for example, plan investments and reportable transactions).

Common Deficiencies

The PWBA has established an ongoing quality review program to enhance the quality of audit work performed by independent auditors in audits of plan financial statements that are required by ERISA. The AICPA, working with the PWBA, has made a concerted effort to improve the guidance available to auditors of employee benefit plans, and has incorporated such improvements in the AICPA Guide. The DOL strongly encourages the use of the AICPA Guide in meeting the requirements contained in ERISA. A complement to the AICPA Guide, the AICPA Employee Benefit Plans Audit Risk Alert — 1999, (the AICPA Audit Risk Alert) provides an overview of recent economic, industry, regulatory, and professional developments. Both the AICPA Guide (Product No. 0123368QB) and the AICPA Audit Risk Alert (Product No. 022201QB) can be ordered from the AICPA Order Department at 888/777-7077 by phone, or at 800/362-5066 by fax.

The PWBA, in its review of employee benefit plan audits, has noted the following common deficiencies:

  • Inadequate audit program or planning documentation. Such deficiencies included lack of a specific audit program tailored to the audit of employee benefit plans, failure to obtain/review relevant plan documents, failure to understand the operations of the plan or current developments affecting the plan, and failure to address the area of prohibited transactions in the audit program. (Chapter 5 of the AICPA Guide provides guidance on audit planning, including the limited-scope audit exemption.)
  • Inadequate documentation of the auditor's understanding of the plan's internal control. Such deficiencies included either no work or significantly inadequate work with respect to obtaining a sufficient understanding of the plan's internal control. (Chapter 6 of the AICPA Guide provides guidance on internal control.)
  • Inadequate documentation supporting the audit work performed and insufficient procedures performed. Such deficiencies included failure to perform sufficient audit work related to participant data, benefit payments and/or plan obligations. (Chapters 9 and 10 of the AICPA Guide provide guidance in these areas.) Also, in certain instances, the auditor did not test the fair market valuations, investment transactions or authorizations for investment transactions. (Chapter 7 of the AICPA Guide provides guidance on investments.) In limited-scope engagements, the auditor did not obtain the proper certification from the bank or insurance company or the certification did not cover all of the plan assets. (Paragraphs 7.51-7.52 of the AICPA Guide provide guidance on limited-scope auditing procedures.) In audits of multi-employer plans, the auditor performed inadequate work relating to the contributions received from contributing employers. In certain participant-directed plans, the auditor did not agree the allocation of employee contributions to selected investment options. (Chapter 8 of the AICPA Guide provides guidance on contributions received and related receivables.)
  • Deficiencies in the auditor's report. Such deficiencies included failure to reflect a departure from generally accepted accounting principles, and failure to report on all the years presented. (Chapter 13 of the AICPA Guide provides guidance on, and examples of, auditor's reports.)
  • Deficiencies in the note disclosures. Such deficiencies included failure to disclose:
    • the investments that represent 5% or more of the plan's net assets available for benefits (see paragraphs 2.26 (g), 3.28 (g) and 4.57 of the AICPA Guide);
    • information as to whether or not the plan has received a favorable tax determination ruling from the IRS (see paragraphs 2.26 (f), 3.28 (f) and 4.57 of the AICPA Guide);
    • the priorities of distribution of plan assets upon termination of the plan (see paragraphs 2.26 (c), 3.28 (c) and 4.57 of the AICPA Guide);
    • the funding policy of the plan (see paragraphs 2.26 (d), 3.28 (d) and 4.57 of the AICPA Guide);
    • information regarding the method and significant assumptions used to determine the actuarial present value of the plan's accumulated plan benefits as required by FASB Statement No. 35 (see paragraphs 2.20 - 2.24 of the AICPA Guide).
  • Failure to comply with ERISA's or DOL's reporting and disclosure requirements. The most common reporting and disclosure deficiencies were as follows:
    • the auditor's report failed to extend to one or more of the required supplemental schedules (see paragraphs 13.09-13.18 of the AICPA Guide);
    • the required supplemental schedules failed to include all the necessary information pursuant to ERISA and DOL regulations (see Appendix paragraphs A.51(b) and A.70-A.76 and Exhibit A-1 of the AICPA Guide);
    • the plan administrator inappropriately invoked the limited-scope audit exemption when the financial institution holding the plan's assets did not qualify for such exemption because it was not a bank or similar institution or an insurance company (see Appendix paragraphs A.57 - A.58 of the AICPA Guide);
    • the statement of net assets was not presented in comparative form as required by DOL regulations (see Appendix paragraph A.51(a) of the AICPA Guide);
    • the notes to the plan's financial statements failed to include certain information required by DOL regulations (for example, a note reconciling financial statement amounts to amounts reported in Form 5500 Series Annual Report) (see Appendix paragraph A.51(c) of the AICPA Guide);
    • the audit was of the trust rather than of the plan (see Appendix paragraph A.55 of the AICPA Guide).

Best Practices

To help practitioners and CPA firms improve audit quality related to audits of employee benefit plans, and to reduce related enforcement and litigation risks, best practices used by firms in performing audits of employee benefit plans are noted below. These best practices were adapted from an article titled, "A Warning to CPAs on Employee Benefit Audits," by David M. Walker, CPA, in the June 1996 edition of the Journal of Accountancy (reprints may be obtained from the AICPA library at 888-777-7077; available for AICPA members only). The best practices are as follows:

  • Assign professionals trained in auditing employee benefit plans — preferably at the manager and/or senior level — to employee benefit plan audits, especially for higher-risk engagements. Factors that could be indicative of a high risk employee benefit plan audit include, among other things: plan sponsor financial difficulties; significant underfunding; volatile or non-readily marketable investments (for example, real estate and derivatives); plan amendments; changes in actuarial estimates or methods; plan merger, consolidation or termination; settlement of obligations or curtailment of accrual of benefits; initial audits; existence of prohibited transactions or unusual party-in-interest transactions; weak control environment (little or no direct plan sponsor involvement with plan administration); change in trustee, custodian or record keeper; report in accordance with Statement on Auditing Standards No. 70, Reports on the Processing of Transactions by Service Organizations, not available from trustee, custodian or third-party administrator; recent IRS or DOL investigation; and accounting changes.
  • Perform second (concurring) partner reviews on higher-risk engagements (see above for factors that could be indicative of a high risk employee benefit plan audit). (Concurring partner reviews are required for member firms of the AICPA SEC Practice Section who audit plans that file Form 11-K.)
  • Coordinate responsibility for employee benefit plan audits between audit and tax staff, so that qualified tax staff review the plan's tax status, transactions with parties-in-interest, and Form 5500.
  • Ensure that engagement personnel have access to current guidance (see "Common Deficiencies" section above for a discussion of the AICPA Guide and the AICPA Audit Risk Alert).
  • Ensure that engagement personnel have adequate training in employee benefit plan audits and any other related matters. (The AICPA sponsors an annual national conference on employee benefit plans, which provides hands-on interactive workshops in auditing, taxation, Form 5500 preparation, plan administration, and multi-employer plans; question and answer sessions with industry experts and government officials directly responsible for regulating employee benefit plans; and updates on all the recent and proposed employee benefit plan legislative and regulatory matters. The AICPA also offers the following self-study courses: Employee Benefit Plans I: Accounting Principles, Audits of Employee Benefit Plans, and Audits of 401(k) Plans. To obtain further information about the conference and the self-study courses, call 888/777-7077.)
  • Use standardized engagement tools and documentation approaches. The AICPA has published checklists for defined benefit, defined contribution and health and welfare plans. The checklists include both industry specific and general disclosure requirements, and can be ordered from the AICPA Order Department at 888/777-7077.
  • Use the AICPA's publication, Financial Statement Reporting and Disclosure Practice for Employee Benefit Plans (Product No. 008725), which gives examples on required disclosure for employee benefit plan financial statements.
  • Ensure that the CPA firm's internal inspection or monitoring program addresses employee benefit plan audit engagements and that engagement reviews are performed by qualified personnel.
  • Use technical hotlines and support services provided by the AICPA and various state societies. The AICPA's Technical Information Division offers a hotline for accounting and auditing practice questions, and can be reached, free of charge to AICPA members, at 888/777-7077. The AICPA's Tax Information Phone Service ("TIPS") offers a hotline for federal, state and local tax questions, and can be reached at 888/777-7077, option 3, or members can submit questions through the AICPA Web site (see pubs/cpaltr/julaug98/index.htm). TIPS charges a fee of $3 per minute (with a $30 minimum) from January 15 to April 15 and $2 per minute (with no minimum) the rest of the year, whether the query is by phone or through the Web site. The fee is billed to the member's MasterCard, Visa or Discover credit card. Also, the PWBA encourages auditors and plan filers to call its Division of Accounting Services at 202/219-8794 with ERISA-related accounting and auditing questions and questions regarding preparation of Form 5500. Questions concerning filing requirements should be directed to the PWBA's Division of Reporting Compliance at 202/219-8770.
  • Consider engaging the services of another CPA firm, experienced in employee benefit plan accounting, audit and ERISA matters, when necessary and appropriate.

Implementing these best practices can significantly improve audit quality and client service and reduce related enforcement and litigation risks.

Recent Developments

In June 1998, the Financial Accounting Standards Board issued Statement No. 133, Accounting for Derivative Instruments and Hedging Activities. FASB No. 133 applies to employee benefit plans, although most plans do not hold such instruments. The AICPA's publication, 1999 Employee Benefit Plan Audit Risk Alert, describes the accounting effects of FASB No. 133 relating to employee benefit plans.

There are currently two proposed Statements of Position (SOPs) relating to employee benefit plans. The two SOPs would amend the Audit and Accounting Guide of Employee Benefit Plans, SOP 92-6, Accounting and Reporting by Health and Welfare Plans and SOP 94-4, Reporting of Investment Contracts Held by Health and Welfare Benefit Plans and Defined Contribution Plans.

Service Organizations

Many plans are now offering their participants on-line access to their 401(k) plans. In such circumstances, participants can review their accounts, and change their investment elections at any time, even from home. Because plan participants can change their investments daily, by telephone or via Intranet sites, daily valuations of such plans are becoming commonplace with virtually no record of the changes being maintained by the service provider of the plan. Additionally, more and more services are being "bundled" and provided by one service provider. These service providers execute transactions and maintain accountability on behalf of the plan administrator. For example, outside service organizations such as bank trust departments, insurance companies, and benefits administrators may maintain records and process benefit payments. Often, the plan sponsor does not maintain independent accounting records of transactions executed by the service provider. In fact, many plan sponsors no longer maintain records such as participant enrollment forms detailing the contribution percentage and the allocation by fund option, and this amount can be changed by telephone or on-line without any record. In these situations, the auditor may be unable to obtain a sufficient understanding of internal controls relevant to transactions executed by the service organization in planning the audit and determining the nature, timing and extent of testing to be performed without considering those components maintained by the service organization. These circumstances require an understanding of the requirements of SAS No. 70, Reports on the Processing of Transactions by Service Organizations, and additional explanation is described in Practice Alert 99-2, How the Use of a Service Organization affects Internal Control Considerations.

Year 2000 Issues

Generally, the Year 2000 issues are the responsibility of the entity's management and not the auditor's. Management must assess and remediate the effects of the Year 2000 issue on an entity's system. Under generally accepted auditing standards, the auditor has the responsibility to plan and perform the audit to obtain reasonable assurance whether the financial statements are free of material misstatement. Thus, the auditor's responsibility relates to the detection of material misstatement of the financial statements being audited, whether caused by the Year 2000 issues or by some other cause.

However, auditors should be aware of the auditing and accounting issues that arise from the Year 2000 issue, including audit planning, going-concern issues, establishing an understanding of the services to be provided to the client, impairment of revenue and expense recognition, and disclosure. A more comprehensive discussion of this topic can be found in AICPA's 1999 Audit Risk Alert. Additional information on Year 2000 Issues can be found on the AICPA's website.

Comments or questions on this Alert should be directed to the AICPA's SEC Practice Section at (201) 938-3022.
